The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.24 (for Ubuntu 4.10), or 2.6.10-34.7 (for Ubuntu 5.04). After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

A Denial of Service vulnerability was discovered in the sys_set_mempolicy() function. By calling the function with a negative first argument, a local attacker could cause a kernel crash. (CAN-2005-3053)

A race condition was discovered in the handling of shared memory mappings with CLONE_VM. A local attacker could exploit this to cause a deadlock (Denial of Service) by triggering a core dump while waiting for a thread which had just performed an exec() system call. (CAN-2005-3106)

A race condition was found in the handling of traced processes. When one thread was tracing another thread that shared the same memory map, a local attacker could trigger a deadlock (Denial of Service) by forcing a core dump when the traced thread was in the TASK_TRACED state. (CAN-2005-3107)

A vulnerability has been found in the "ioremap" module. By performing certain IO mapping operations, a local attacker could either read memory pages he does not normally have access to (information leak) or cause a kernel crash (Denial of Service). This only affects the amd64 platform. (CAN-2005-3108)

The HFS and HFS+ file system drivers did not properly verify that the file system being mounted really was HFS/HFS+. On machines which allow users to mount arbitrary removable devices as HFS or HFS+ with an /etc/fstab entry, this could be exploited to trigger a kernel crash. (CAN-2005-3109)

Steve Herrel discovered a race condition in the "ebtables" netfilter module. A remote attacker could exploit this by sending specially crafted packets that caused a value to be modified after it had been read but before it had been locked. This eventually led to a kernel crash. This only affects multiprocessor machines (SMP). (CAN-2005-3110)

Robert Derr discovered a memory leak in the system call auditing code. On a kernel which has the CONFIG_AUDITSYSCALL option enabled, this leads to memory exhaustion and eventually a Denial of Service. A local attacker could also speed this up by excessively calling system calls. This only affects customized kernels built from the kernel source packages. The standard Ubuntu kernel does not have the CONFIG_AUDITSYSCALL option enabled, and is therefore not affected by this. (http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23)
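
A check for two exposure conditions this notice names, as an added example that is not part of the original advisory: it lists fstab entries that let non-root users mount a device as HFS or HFS+ (CAN-2005-3109) and tests whether a kernel config enables CONFIG_AUDITSYSCALL. The function names, the `owner`/`group` mount options, the `/boot/config-$(uname -r)` default path and the sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example: exposure checks for two items in this advisory.

# Print fstab entries that let non-root users mount a device as HFS/HFS+
# (CAN-2005-3109). $1 = fstab path, default /etc/fstab.
hfs_user_mounts() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        NF >= 4 {
            is_hfs = 0; user_ok = 0
            n = split($3, types, ",")      # type field may be a list
            for (i = 1; i <= n; i++)
                if (types[i] == "hfs" || types[i] == "hfsplus") is_hfs = 1
            m = split($4, opts, ",")       # options that permit non-root mounts
            for (i = 1; i <= m; i++)
                if (opts[i] ~ /^(user|users|owner|group)$/) user_ok = 1
            if (is_hfs && user_ok) print $1, $2, $3, $4
        }
    ' "${1:-/etc/fstab}"
}

# Succeed if a kernel config enables CONFIG_AUDITSYSCALL (audit memory leak).
# $1 = config path; the default location is an assumption of this example.
auditsyscall_enabled() {
    grep -q '^CONFIG_AUDITSYSCALL=y$' "${1:-/boot/config-$(uname -r)}"
}

# Constructed sample input (not taken from a real system).
sample_fstab=$(mktemp)
cat > "$sample_fstab" <<'EOF'
# <device>  <mount point>  <type>    <options>        <dump> <pass>
/dev/hda1   /              ext3      defaults         0 1
/dev/sda1   /media/usb     hfsplus   rw,user,noauto   0 0
/dev/sdb1   /media/ipod    vfat,hfs  users,noauto     0 0
/dev/sdc1   /mnt/backup    hfs       ro,noauto        0 0
EOF
sample_config=$(mktemp)
printf '%s\n' 'CONFIG_AUDIT=y' '# CONFIG_AUDITSYSCALL is not set' > "$sample_config"

echo "User-mountable HFS/HFS+ entries:"
hfs_user_mounts "$sample_fstab"
if auditsyscall_enabled "$sample_config"; then
    echo "CONFIG_AUDITSYSCALL enabled: audit leak applies to this kernel"
else
    echo "CONFIG_AUDITSYSCALL not enabled"
fi
rm -f "$sample_fstab" "$sample_config"
```

Call both functions without arguments to check the running system's own `/etc/fstab` and kernel config.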